Russia’s invasion of Ukraine in February 2022 signalled many things to the Western world, but perhaps one of the biggest warnings was how precarious energy security really was as oil and gas prices skyrocketed following the start of the war.
As Europe entered winter and the demand for energy increased, it highlighted just how vicious the cycle can be, as cyberattacks on critical infrastructure and operational technology increased.
According to Mark Clark, VP Sales EMEA North, Onapsis, there was a time before the Ukraine war when those attacks might just have been an inconvenience, but the seriousness and ripple effects of those attacks are now even more far-reaching, presenting a major threat to lives and livelihoods, “especially among the most vulnerable in society,” Clark emphasises. “This is why it is critical for governments and businesses to do everything they can to protect their critical infrastructure and improve the security of their operational technology.”
The cyber energy crisis
Clark looks at the most important state-led cyberattacks: “The energy crisis highlighted the significant rise in nation-state-sponsored cyberattacks, with utilities becoming one of the main targets. The sector was already victim to 10.7 percent of attacks globally in 2022 and it is expected to increase even more in 2023 and the foreseeable future.”
The consequences of such an attack being successful can be catastrophic, says Clark, “with potential loss of life, property damage, and economic disruption. An estimated 7.5 million households in the UK already live in fuel poverty, and living in freezing cold homes poses threats to lives, particularly among the elderly. Just last month, the UK government warned that Russian hackers affiliated with the paramilitary Wagner group were seeking ‘to disrupt or destroy’ parts of the UK’s critical national infrastructure.”
UK Cabinet Office minister Oliver Dowden issued a national alert to key businesses amid increasing concerns that Russia might search for new ways to target and threaten the West as it continues to struggle on the battlefield in Ukraine. Dowden added that while the hackers lacked the capacity at this stage to do widespread damage, the threat was rapidly growing.
“I don’t think we are yet doing enough to protect our infrastructure from the cyber threats emerging from Russia-aligning groups,” Lindy Cameron, the head of the UK’s National Cyber Security Centre, said at the time.
Clark adds: “The rise of the threat of cyberattacks on critical infrastructure in the West is such that over a third of organisations in the UK said they anticipated an increase in cyberattacks, with a number of high-profile businesses already falling victim to these attacks in 2023 alone.”
“Cybercriminals worldwide are becoming increasingly resilient, resourceful, and stealthy in their pursuit of critical data,” said Laurance Dine, Global Partner for IBM’s X-Force Incident Response team.
“In Europe, we saw adversaries overwhelmingly exploiting unpatched vulnerabilities to infiltrate victim environments in 2021, highlighting the importance of adopting a Zero Trust approach to security. Businesses must start operating under the assumption of compromise, putting the proper controls in place to defend their environment and protect critical data,” he said. “In the UK, critical industries such as energy, manufacturing and finance are key targets for cybercriminals, underlining the importance of the government’s National Cyber Security Strategy to ensure the economy remains resilient in our fast-moving digital world.”
Clark’s summation of these points runs: “It is therefore essential that utility professionals prioritise cybersecurity as a critical aspect of their operational technology and cybersecurity protocols. This means investing in robust security measures to protect their infrastructure, which includes regular risk assessments, continuous attack surface monitoring and management, ongoing monitoring of networks, and a comprehensive incident response plan in the event of an attack.”
Furthermore, he says: “It is also crucial that utility professionals work closely with cybersecurity experts to ensure that they have the latest knowledge and tools to defend against evolving cyber threats. This includes staying up-to-date on the latest cybercrime trends, as well as investing in training and development to improve cybersecurity awareness among staff.”
Considering opportunities against threats, Clark finds: “While the digitalisation of the world has undoubtedly created more opportunities, it has also created more risks such as unauthorised system and configuration changes. Despite the increase in these risks, there are several things businesses can do to minimise the risk while actively monitoring their systems and putting in place skilled people to ensure infrastructure and networks are protected.”
Clark concludes: “Although cyberattacks could become more frequent and organised in our increasingly digitised world and as a result worsen the energy crisis, it also presents an opportunity for businesses and leaders to build their systems to be cyber resilient and implement a business continuity plan.”